It’s All About Reputation
I have a reputation. Mostly good I hope, but I have one. You have one. Probably good as well. If it’s not good you probably know why, and whatever it was you did was probably worth it. Reputation is a very important concept. It allows us as humans to make decisions about many things.
Author: MATTHEW JONKMAN
Source: Hakin9 5/2009 http://hakin9.org
We decide whether to trust a person, to do business with them, to date them, or even just to be seen with them based on reputation. Just being associated with a person affects your reputation in the direction of theirs. Businesses have reputations. Cities have them. Countries, governments, you name it. This is all obvious of course, but it’s worth stepping back to really consider what reputation is and how much we rely on it.
Dictionary.com defines reputation as the estimation in which a person or thing is held, especially by the community or the public generally. A good definition, I think, and one that applies to our discussion. There is an estimation of what you as an individual think about another entity that you manage subconsciously. You decide whether they’re good or bad, friendly, trustworthy, eco-friendly, whatever is important to you. We keep a concept of what we think of each entity in the categories we care about. This is important: there are many aspects of reputation. I could consider a person very unpleasant to be around but still trust them and do business with them. Reputation is not just good or bad, it’s very complex.
Building a reputation is also a very complex activity. We’re doing this all the time, with every exposure we have to an entity. Every piece of information we hear adds to the reputation we maintain. How much information affects reputation depends on how much we trust and value the source of information. For example, if your father (assuming you trust your father) tells you about a bad experience at a store and you know your father is a reasonable person, then your internal reputation about that store is going to be adversely affected significantly. If you hear the same story from a crackpot in line at the store, you’re probably not going to think as badly of the store, assuming much of the story could be embellished or that the person was unreasonable in their expectations of the store.
We also are affected by advertising when we consider the reputation of businesses and products. Consider a new product that hits the market. A new cereal. We know nothing about it. How do we decide whether to try it? We can look at the packaging; if it’s bright and appealing we may think positively of the cereal. If we’ve seen a few advertisements on television with attractive people happily chomping the cereal while they watch the sunrise over a mountain, we could be swayed a bit. A friend or family member may have tried the cereal and told us they enjoyed it. Of those sources of information, the direct experience being related to us is by far the most useful bit of information, especially if your taste coincides with that of the person relating the experience.
So you’re wondering where I’m going here. I’ll tell ya. As humans we make most important decisions about other entities with reputation in mind. Sometimes reputation has a slight influence; more often the entire decision is based on reputation. The system seems to work as long as your sources of information to build those reputations are accurate. So why don’t we do this in the technical security world?
Take IP addresses as an example. We know incredible amounts of data about every IP address on the planet. We have spam blackhole databases, top attacker lists, lists of known command and control servers, …. We have databases in many security companies that have a great deal of both negative and positive information about a great number of IPs. Why don’t we use this information on our network perimeters and on our Internet-facing services to decide whom to talk to, whom to watch, and whom to outright block?
I’ll tell you why. Two major reasons. We can’t do the lookups fast enough on a large network stream, and we haven’t figured out how to truly use and share reputation data. Neither of these problems is really a technical problem. We have ways to do massive numbers of lookups very quickly, and we have the statistical science available to build and share reputation data. These are not insignificant technical challenges, and we’ll talk about them more shortly. But the reason we haven’t seen this in the real world is that we haven’t demanded it of our vendors, and they haven’t seen the value in implementing it.
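As an added illustration (not code from the article or from any vendor), the sketch below combines several reputation feeds into one score per IP address, weighting each feed by how much its source is trusted, and maps the score to the talk / watch / block decision described above. The feed names, trust weights, threshold and addresses (documentation ranges) are all constructed assumptions; the lookup cost depends on the number of distinct prefix lengths, not on the size of the feeds.

```python
import ipaddress
from collections import defaultdict

# Constructed feeds: (source, trust in source 0..1, verdict: -1 bad / +1 good, networks)
FEEDS = [
    ("spam_blackhole",    0.6, -1, ["203.0.113.0/24"]),
    ("top_attackers",     0.8, -1, ["203.0.113.7/32", "198.51.100.0/25"]),
    ("c2_servers",        1.0, -1, ["198.51.100.66/32"]),
    ("partner_allowlist", 0.9, +1, ["192.0.2.0/24"]),
]

def build_index(feeds):
    """Map (prefix length, network address as int) -> summed trust-weighted verdicts."""
    index = defaultdict(float)
    for _source, trust, verdict, networks in feeds:
        for cidr in networks:
            net = ipaddress.ip_network(cidr)
            index[(net.prefixlen, int(net.network_address))] += trust * verdict
    # Distinct prefix lengths bound the work per lookup, independent of feed size.
    lengths = sorted({plen for plen, _ in index})
    return index, lengths

def score(ip, index, lengths):
    """Sum the weighted verdicts of every listed network containing ip (IPv4 only)."""
    addr = int(ipaddress.IPv4Address(ip))
    total = 0.0
    for plen in lengths:
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        total += index.get((plen, addr & mask), 0.0)  # one hash lookup per prefix length
    return total

def decide(ip, index, lengths, block_at=-1.0):
    """Block on strong negative evidence, watch on any negative evidence, else allow."""
    s = score(ip, index, lengths)
    if s <= block_at:  # block_at is an assumed threshold, tune per deployment
        return "block"
    return "watch" if s < 0 else "allow"

INDEX, LENGTHS = build_index(FEEDS)

if __name__ == "__main__":
    for ip in ("203.0.113.7", "203.0.113.50", "198.51.100.66", "192.0.2.10", "198.51.100.200"):
        print(ip, round(score(ip, INDEX, LENGTHS), 2), decide(ip, INDEX, LENGTHS))
```

An address listed only by the lower-trust feed is watched rather than blocked, while agreement between two feeds pushes it past the block threshold.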






























